Web Activist's Suicide Highlights Tech Law

Aaron Swartz
never reckoned that making information free could carry such a price.

Aaron Swartz, who went from teen computer prodigy to Internet activist, killed himself as a possible plea deal with prosecutors stalled. Spencer Ante joins Markets Hub to discuss. Photo: Reuters.

The 26-year-old Internet activist hanged himself Friday, about three months before he was to face a range of felony charges, and possibly more than three decades in prison, for allegedly using the Massachusetts Institute of Technology's computer network to download nearly five million academic-journal articles from a database that charged for access.

ENLARGE

Aaron Swartz in December
ThoughtWorks/Associated Press

What began as a straightforward report of a campus breaking-and-entering incident eventually ensnared Mr. Swartz, who had written publicly about his battle with depression, in the broader federal apparatus for prosecuting computer crimes.

In that arena, prosecutors have an unusual amount of leeway in the type of cases they can bring. Their main tool is the 1986 Computer Fraud and Abuse Act, an anti-hacking statute that makes unauthorized use of a computer a crime. It was written broadly to keep it in step with the rapid pace of technological change.

The law's key phrases prohibit accessing a computer "without authorization" or in a way that "exceeds authorized access," said
Stewart Baker,
a partner at Steptoe & Johnson LLP and former Department of Homeland Security official. The law doesn't define those terms.

More

"All you could say is that a computer crime is doing something wrong with a computer that you weren't supposed to do," said Mr. Baker. "When you write a crime that broad, the risk is it will be used too creatively by the Justice Department."

The U.S. attorney's office in Massachusetts declined to comment on Mr. Swartz's case, citing respect for his family. Legal experts including
Orin Kerr,
a former federal prosecutor who is now a law professor at George Washington University, said the charges brought in the case were appropriate given what Mr. Swartz was accused of doing.

Federal prosecutors have ramped up efforts to pursue hackers after a number of high-profile intrusions into government and corporate computer systems.

At the top of their list of targets are state-sponsored hackers who threaten national security and organized criminals who break into computers for financial gain. The longest prison sentence so far in a U.S. hacking case—20 years–was given to a Miami man,
Albert Gonzalez,
in 2010 for his role in the theft and sale of millions of credit and debit cards.

Vote

In recent years, prosecutors in the U.S. and Europe have become increasingly concerned about the growth of hacking groups, known as "hacktivists."

The groups, sometimes formed under the guise of free-lance computer-security firms, have exposed the security vulnerabilities of computers used by government, law enforcement and corporations through online mischief.

Unlike previous hackers, they also have demonstrated an ability to carve out a place in the public consciousness through the use of social media and online-video websites like
Google
Inc.
's YouTube.

Their operations have been difficult for authorities to break up, because they are often loose-knit groups, sometimes with members around the world.

Last year, the Justice Department charged a group of men allegedly behind LulzSec, a globe-spanning collective that claimed responsibly for hacking into the computers of television network PBS in May 2011 in retaliation for a "Frontline" episode about WikiLeaks, an organization that published thousands of classified U.S. documents, and for hacking
Sony
Pictures computers and stealing personal information on about 100,000 of its customers.

A member of the hacking group Anonymous,
Higinio O. Ochoa III,
was sentenced to two years in prison in August, after pleading guilty to tapping into several law-enforcement computers, defacing websites and stealing confidential data.

Mr. Swartz faced stiffer penalties. He was indicted in July 2011 for computer fraud, wire fraud and several other offenses that could have put him in prison for 35 years and exposed him to fines of up to $1 million.

Mr. Baker called that degree of punishment "preposterous." The government had indicated to Mr. Swartz's lawyer that it might only seek seven years at trial and was willing to bargain that down to six to eight months in exchange for a guilty plea, a person familiar with the matter said.

Mr. Swartz's case was rare in that he sought no financial gain with his alleged stunt, and it didn't have the disruptive force of an attack by one of the hacking collectives. But there was little question that, if the allegations proved true, he violated federal law, legal experts said.

"It's a little arrogant to say, 'I'm doing this for the greater good, so nobody can prosecute me,' " Mr. Baker said.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.